A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt_shared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s mongocryptd component v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 versions prior to 8.2.9 and v8.3 versions prior to 8.3.2.
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:L/SI:N/SA:N

Exploitability: AV:N AC:H AT:P PR:L UI:N
Vulnerable System: VC:L VI:L VA:H
Subsequent System: SC:L SI:N SA:N
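The affected ranges in the description can be turned into an inventory check. The following is an added example, not code from MongoDB or from this advisory: the host names and the sample inventory are constructed, and treating a pre-release of a fixed version as affected is a conservative assumption.

```python
import re

# First fixed patch release per affected series, taken from the advisory text.
FIRST_FIXED = {(7, 0): 34, (8, 0): 23, (8, 2): 9, (8, 3): 2}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$")


def classify(version):
    """Classify a mongocryptd / crypt_shared version string.

    Returns "affected", "fixed", or "not-listed" (a series the advisory
    does not mention, so no conclusion is drawn here).
    """
    m = _VERSION_RE.match(version.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    is_prerelease = m.group(4) is not None
    fixed_patch = FIRST_FIXED.get((major, minor))
    if fixed_patch is None:
        return "not-listed"
    # Assumption: a pre-release of the fixed version (e.g. 8.0.23-rc0) is
    # treated as affected, since it precedes the fixed release.
    if patch < fixed_patch or (patch == fixed_patch and is_prerelease):
        return "affected"
    return "fixed"


def triage(inventory):
    """Group hosts by status; unparseable versions go to "unknown"."""
    report = {"affected": [], "fixed": [], "not-listed": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        try:
            report[classify(version)].append(host)
        except ValueError:
            report["unknown"].append(host)
    return report


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = {
    "app-01": "7.0.33", "app-02": "v7.0.34", "app-03": "8.0.23-rc0",
    "app-04": "8.2.9", "app-05": "8.3.1", "app-06": "6.0.20",
    "app-07": "unknown-build",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Hosts reported as "not-listed" or "unknown" need manual review, since the advisory text makes no statement about those series.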